Windows Server 2008

Today I want to discuss the importance of information classification and how it can be used to prevent data breaches and help organizations with compliance requirements such as PCI, HIIPA, ISO 27001, the Massachusetts Data Protection Law 201 and other similar legislation.

Information classification is the critical first step in managing data based on its business value. When the information’s value is understood, organizations can apply security policies to reduce the risk of information leakage. The new File Classification Infrastructure (FCI) in Microsoft Windows 2008 R2 enables organizations to protect data by automatically classifying files and applying policy. FCI includes the ability to define classification properties, automatically classify files based on location and content, and invoke file management tasks such as file expiration and custom commands based on classification.

Once the files have been classified, appropriate security can be applied based on the business value of the information. For example, in a PCI environment, FCI-based classification can be used to identify files that contain sensitive credit card information, and in a health care environment, FCI based classification can identify files with private health information. Once the files have been classified file management tasks can be used to segment sensitive files onto more secure storage devices, to protect files with encryption, and to assign more restrictive permissions to the files. This helps ensure that information stored on file servers is well secured.

Another concern is email. Email messages or email attachments are a security risk as email cannot easily be controlled. One of our FCI partners, Titus Labs has extended classification and information protection to the Microsoft Outlook environment. Titus Labs Message Classification can recognize file attachments that have been classified using FCI.

The Titus Labs solution can examine the FCI classifications of Microsoft Office attachments, and can apply policy that can restrict the distribution of sensitive information. Titus Labs’ Safe Recipient policies can be used to:

• Protect the distribution of email within an organization. By examining all the recipients of an email, the Titus Labs policy can verify via Active Directory whether the recipient is allowed to receive attachments of a given classification. This prevents inadvertent data loss by warning the user that one of the recipients should be removed. For example, in an internal scenario, a financial organization may want to ensure that an employee in corporate finance is restricted from sending files classified as MERGER / ACQUISITION to another employee working as a broker or trader.
• Protect the distribution of email outside the organization. By examining the domain of each of the recipients, the Titus Labs policy can verify that the domain is listed as trusted in the policy and can warn the user of a possible data breach and warn them or force them to change the recipient list. In the following example, the sender has mistakenly selected the wrong Anne Hollingsworth at an external address. The sender receives a warning because the email contains an attachment that has been classified as CONFIDENTIAL / INTERNAL USE.

Invalid recipient is detected based on classification

This is an example of the power of FCI to protect your sensitive information. Click here for more information on FCI.

Sabrinath S. Rao

Sr. Product Marketing Manager

Windows Server Marketing - ISV Ecosystem

The 10 core concepts that every Windows network admin must know. These are the things that you not only need to know in your day to day job as a Windows Network Admin but for anyone who is interviewing as a network admin.

Remember back in December, when we released the Beta version of the Windows Server Migration Tools update...the one that allows you to migrate Hyper-V and Routing and Remote Access Services to servers running Windows Server 2008 R2...no? OK, you don't. That was three months and a lot of holiday partying ago. We understand.

The full release version of the Windows Server 2008 R2 Migration Utilities is now available. The update allows you to use the Windows Server Migration Tools-a set of Windows PowerShell cmdlets that shipped with Windows Server 2008 R2- to migrate Hyper-V and RRAS. And the detailed guides that take you through Hyper-V and RRAS migration, one step at a time, are now complete and live as well.

Full release versions of other guides (for migrations that do not require the Tools) have also gone live. Check out the Windows Server Update Services 3.0 SP2 Migration Guide, and guides for the other role services of Network Policy and Access Services (NPAS), Health Registration Authority and Network Policy Server.

Your feedback is absolutely welcome, and essential to making the guides the best and most useful that they can be. Take a moment to rate the guide topics as you evaluate them, by using the star rating system in the upper right corner of every TechNet page. Fill the accompanying text box with your comments and suggestions for improving the guides. Visit the Windows Server Migration forum to ask questions, or discuss the guides, the Migration tools, or your migration experiences.

Plenty of other Migration resources are available with the new guides; you'll find everything on the Migration Portal for Windows Server 2008 R2.

-- Cheers from the Windows Server Migration Team!

BIEB stands for Microsoft’s Because It’s Everybody’s Business campaign. But it’s more than an ad campaign, it’s also a slick Web resource with loads of value-add IT Pro content. Here’s a quick update on some of the latest additions:

Where the folks in my group build the Windows Server products, Microsoft’s CIO, Tony Scott, actually has to use them. And he’s generally deploying new Microsoft technologies a year or more ahead of everyone else on the planet – while simultaneously servicing the IT needs of 85,000+ of the most technology hungry info workers you’d ever want to meet. Not an easy job. So when Tony wants to talk about the trends and innovations he sees coming in IT, my ears perk up.

You can check out Tony’s article here, as an Adobe Acrobat download (it’s right at the top of the page). His views on unified communications and virtualization were inline with my expectations, but I like his attention to cloud and employee productivity. It’s a short article, and well worth the read.

Additionally, Jeff Wettlaufer writes about the availability of System Center Configuration Manager’s Reporting Dashboard beta; Mike Gannotti gives you an inside peek at how SharePoint is powering the U.S. Olympic Committee’s pressbox site; and yours truly has a new post up there on Windows Server 2008 R2’s top benefits, which links to some deeper interviews given to Windows IT Pro magazine by Bill Laing (Windows Server Corporate Vice President) and our own Ward Ralston, my boss in Windows Server Marketing.

If you’re up for more reading, you can also download a new free e-Book (available here) entitled, Understanding Microsoft Virtualization R2 Solutions. Microsoft has been delivering a slew of new innovation around both server and desktop virtualization over the past several years; so folks looking to get a big picture handle on these new products and how to use them, this is the book for you.

There’s a lot more on the BIEB site, so I encourage you to poke around there for a while. And as always, ideas and feedback are much appreciated.

Oliver Rist

Windows Server Marketing

DameWare NT Utilities was selected the winner in the Remote Control category of the WindowsNetworking.com Readers' Choice Awards. VNC Enterprise Edition and Radmin 3 Remote Control Software were runner-up and second runner-up respectively.

How to use the MDT database to deploy Windows 7 together with Microsoft Office 2007 based on the make and model of your target computers.

Taking a look at the Name Resolution Policy Table (NRPT) in Windows Server 2008 R2.

With the release of Windows Server 2008 R2, the Windows Server platform has evolved into a robust and scalable platform aimed squarely at the heaviest data center loads – and we’re always looking at new ways to prove it. Recently, in conjunction with Intel hardware, Windows Server 2008 R2 and Hyper-V achieved amazing throughput results over iSCSI.

iSCSI stands for Internet Small Computer System Interface and amounts to a storage networking protocol that can carry SCSI data over TCP/IP networks. Because it allows client initiators to send storage commands to target SCSI-based storage devices on other machines across high-speed Ethernet networks, iSCSI is a popular way to build Storage Area Networks (SANs), as it allows network architects to use generic Ethernet components rather than closed-system SAN products. That means both a cheaper SAN network as well as an easier management stack.

The only trouble with iSCSI over Ethernet has been a nagging perception that this combination is slower than competing systems – and slow is death when you’re talking about storage. But that’s looking like a perception of the past following a fantastic iSCSI benchmarking result done with Intel hardware and Microsoft Windows Server software in January of 2010. Running on server hardware equipped with an Intel Xeon 5580 CPU and an Intel 82599 10GbE network interface card (NIC), Windows Server 2008 R2 achieved 715,000 IOPs. Leveraging new 10GbE network technology from Intel as well as the combination of Intel Virtual Machine Device Queuing (VMDq) matched with Windows Server 2008 R2 Hyper-V Virtual Machine Queuing (VMQ), the combination achieved a performance result that amounts to line rate 10GbE performance and near-native iSCSI performance across a network!

Results like these prove that combining Windows Server 2008 R2 with high-performance hardware can provide bleeding edge performance without the need to move to closed, proprietary systems –while still providing enough horsepower to tackle heavy data center workloads. Lots of kudos to Intel and the Windows Server Storage Technologies team for some excellent engineering. For some more information on this benchmark result, check this post from the virt team.

Oliver Rist

Windows Server Marketing

What ADM templates do and how to edit them in your new Windows Server 2008/Vista/7 environment.

Virtualization is arguably the hottest IS technology today, crossing from data center to desktop and spawning a wave of innovation across the industry. If all this new technology has you scratching your head, make a point to check out the Microsoft Virtualization Summit 2010 coming soon to a city near you. The goal of these events is to provide answers to customer questions about Microsoft's extended virtualization stack. Attend the show to learn how server & desktop virtualization can help you:

• Build a desktop virtualization management strategy that helps you manage your applications, data, mobile workers and multiple physical and virtual form factors.
• Reduce desktop costs.
• Enable flexible and agile IT through virtualization.
• Increase desktop security and compliance.
• Improve business continuity and end user productivity.
• Understand how Microsoft is building a solid foundation for a private cloud.
• Increase end user productivity and streamline your IT management with Windows 7.

Don't miss it!

Oliver Rist